Keyboard app AI.type leaks data of 31m users

Share

The details seemed to have leaked online after the app's developer failed to secure the database's server.

Researchers at Kromtech Security Center discovered the leak and tried several times to contact the company's co-founder, Eitan Fitusi who owns the server.

In the course of an weeks-long investigation, Kromtech Security Center discovered that a misconfigured MongoDB database allowed them to access data from almost 31 million users.

But security analysts were quick to warn of the amount of information that mobile apps gather about users, and said the practice was not acceptable. As per the report, the server was left unsecured without a password allowing access to the company's user database. The server has since been secured, but Fitusi did not respond when we asked for comment.

ZDNet who obtained a portion of the database to verify the information collected by the servers made a few scarier revelations to the breach. Leaked records as per Kromtech Security, also had a range of other statistics like the most popular users' Google queries for different regions. More specifically it collected device IMSI and IMEI numbers, device makes and models, phone screen resolutions, phone numbers, the names of cell phone providers, IP addresses, internet providers, and Android version numbers. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running.

New Destiny 2 Prometheus Lens Exotic Broke its Crucible PvP
It is also available as the first of two planned expansions in the game's $35 expansion pass. One is Power Level while the second one is Character Level.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. These weren't insignificant details either, they contained phone numbers, web searches and email addresses and corresponding passwords. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. Fitusi added that the input data is "non-personal" so it can't be connected to a particular user or device.

Among the compromised data are dates of birth, email addresses, passwords and information from their Google accounts, as well as all the actual text typed using the keyboard. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access.

So pretty much the promise of privacy, which ai.type outlines on its website has appeared to have a strong whiff of BS.

The seven-year-old company also claims that anything typed using its keyboards "stays encrypted and private".

But the database wasn't encrypted.

Air Pollution In London 'So Bad It Cancels Out Benefits Of Exercise'
For the study, researchers at Imperial College London and Duke University recruited 199 volunteers aged 60 and older. This builds on previous studies which have suggested air pollution exposure could cause premature births .

Bob Diachenko, from the Kromtech Security Centre, part of security company Mackeeper, said the amount of data required by the app at point of download was "shocking".

Client files that included the personal details of 31,293,959 users who installed ai.type virtual keyboard.

"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user".

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices".

Millions of babies are breathing in toxic air, UNICEF report says
The links of pollution with asthma, bronchitis and other respiratory diseases in the long course are known for a long time. Contamination above that limit could prove potentially harmful for children, with risks growing as exposure does.

Share